No matching key found

As you might have experienced… using a recent system to connect to a legacy one could be complicated as some insecure protocols have been disabled, with a message like: Unable to negotiate with 192.168.2.82 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss Create an entry like this in your .ssh/config file, so that insecure methods can be used to connect to a specific host: Host 192.168.2.82 HostKeyAlgorithms=+ssh-rsa KexAlgorithms=+diffie-hellman-group1-sha1 PubkeyAcceptedKeyTypes=+ssh-rsa User root or alternatively on the command line: ...

August 25, 2023 · 1 min · Pablo Iranzo Gómez

[Book] Red Hat Enterprise Linux 9 Administration

Last year, together with my colleagues Miguel and Scott, we released with the help of Packt team the RHEL8 Administration. During this one, with the collaboration of Pedro, a long-time colleague from the University LUG, we worked on the updated Red Hat Enterprise Linux 9 Administration book that it’s now available for preorder on Amazon. As with the previous version, the book targets users willing to learn skills to administer Red Hat Enterprise Linux or compatible systems. It is a hands-on guide to the administration and can be used as reference thanks to the real-life examples provided along the text. ...

October 12, 2022 · 1 min · iranzo

RHCE and RHCSA tips and tricks

I did the RHCE exam some time ago, and still there are some tricks and advices I tell the people to bear in mind some of the things I used and that were also provided in the Red Hat Enterprise 8 Administration book: Don’t remember every step, it’s not effective, for example as I don’t recall syntax for BIND, I do remember package that has some files with examples and I use that one to check what I need to do Install mlocate and run updatedb as soon as you start, then you can use locate <file> to find out files in your system Use your preferred editor… it’s common to use vi or vim as it’s pretty standard, but if you’re used to another, make yourself comfortable in the system. As one instructor like to say: “Anyone with unlimited amount of time will be able to pass the exam”. RHCE is a performance-based exam, that means that you need to cover all the required goals within the exam duration, and in the end, the goals is to accomplish, not to do in the smarter way. For example, if you’re told to configure resolv.conf you can either use nmcli to modify the settings or you can pipe the results to it via echo nameserver 1.1.1.1 > /etc/resolv.conf, in the end, both will have the same effect, and of course, using nmcli will be smarter when you’re keeping multiple systems and using automation… but for the exam, the goal is to focus on the fastest path to master at it. You can find more tricks at Red Hat Enterprise 8 Administration Enjoy! (and if you do, you can Buy Me a Coffee ) ...

July 13, 2022 · 2 min · Pablo Iranzo Gómez

Unsupported upgrade for RHEL-based distributions without reinstallation

Most systems, based on RHEL, were not able to upgrade without reinstallation, or best said, not supported. The new version, that was released at around 18 months later contained so many changes that it was hard to test the upgrades themselves until leapp was introduced. Check the lifecycle here: https://access.redhat.com/support/policy/updates/errata However, the biggest problem could be the incompatibility of packages or package formats… but as usually there were some middle layers it was possible to upgrade without reinstallation by performing some manual steps. ...

April 23, 2022 · 15 min · Pablo Iranzo Gómez

LDAP query from Python

Recently, some colleagues commented about validating if users in a Telegram group were or not employees anymore, so that the process could be automated without having to chase down the users that left the company. One of the fields that can be configured by each user, is the link to other platforms (Github, LinkedIn, Twitter, Telegram, etc), so querying an LDAP server could suffice to get the list of users. ...

October 19, 2021 · 2 min · Pablo Iranzo Gómez
This blog is a participant in the Amazon Associate Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.